2 matches found
CVE-2019-16374
Pega Platform 8.2.1 allows LDAP injection because a username can contain a character and can be of unlimited length. An attacker can specify four characters of a username, followed by the character, to bypass access control...
CVE-2019-16374
Vulnerability: Pega Platform 8.2.1 exposes an LDAP injection via usernames that can contain a * and be of unlimited length, enabling bypass of access control. Root cause (per sources): The username field allows a star character and unbounded length, which an attacker can exploit by supplying four...